Covert channel analysis and detection using reverse proxy servers.

Buchanan, William J; Llamas, David

Covert channel analysis and detection using reverse proxy servers.

Buchanan, William J; Llamas, David

Authors

Prof Bill Buchanan B.Buchanan@napier.ac.uk
Professor

David Llamas

Abstract

Data hiding methods can be used by intruders to communicate over open data channels (Wolf 1989; McHugh 1995; deVivo, deVivo et al. 1999), and can be used to overcome firewalls, and most other forms of network intrusion detection systems. In fact, most detection systems can detect hidden data in the payload, but struggle to cope with data hidden in the IP and TCP packet headers, or in the session layer protocol. This paper contains proposes a novel architecture for data hiding, and presents methods which can be used to detect the hidden data and prevent the use of covert channels for its transmission.

Citation

Buchanan, W. J., & Llamas, D. (2004, June). Covert channel analysis and detection using reverse proxy servers. Paper presented at 3rd International Conference on Electronic Warfare and Security (EIWC)

Presentation Conference Type	Conference Paper (unpublished)
Conference Name	3rd International Conference on Electronic Warfare and Security (EIWC)
Publication Date	2004
Deposit Date	Jan 12, 2011
Publicly Available Date	Jan 12, 2011
Peer Reviewed	Peer Reviewed
Keywords	Reverse proxy server; covert channel; data hiding; firewalls; network intrusion detection systems; packet headers; session layer protocol;
Public URL	http://researchrepository.napier.ac.uk/id/eprint/3949
Contract Date	Jan 12, 2011